Amavis Mailing List Archive
>Looking at the docs, it seems it has reasonable defaults,
>so something like:
>
> '--timeout=60 --temp=$TEMPBASE {}'
>
>
How would this look in the config file?...
Currently, this is what my config has to run Vexira:

  ['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
    ['antivir','vexira'],
    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
    # NOTE: remove the -z if you only have a demo version

The name of the binary has changed to vascan, and the docs tell me that I need to specify --action to make it run automatically. Some direction from someone who has successfully done this would be much appreciated! I have a 150,000 Msg/day server cluster to upgrade, so I'd like to be sure of what I'm doing before I break everything. :-)
vascan --help provides this:
root@wh-mrtgp1:/usr/lib/vascan# ./vascan --help
Vexira Scanner 1.0.0 for Linux (2004-12-01)

Usage: vascan [OPTIONS]... [TARGETS]...

  -h, --help                  Print help and exit
  -V, --version               Print version and exit

Registration:
  You have to wait 30 seconds after program start without valid registration!

  -k, --registration-key=REG  registration key from the licence agreement.
  -u, --registered-user=NAME  username to whom the licence agreement is filled
                              out.

Running mode:
  -c, --config=CONFIG         obtain missing options from CONFIG file.
                              The commandline options take precedence over
                              their equivalents given in config file.
                              (default=`vascan.ini')
  -o, --old                   do not warn if VDB is older than two weeks.
  -q, --quiet                 display messages only when virus is found.

Targets to be scanned:
  -b, --boot                  enables scanning of boot sectors of attached
                              devices, too. This option works on Windows/DOS
                              only. (default=off)
  -f, --file=FILE             obtains targets to be scanned from FILE.
  -p, --pattern=PATTERN       specifies filename patterns, so that only files
                              of which basename matches any of the patterns
                              will be scanned. Multiple patterns can be
                              separated by '|'.
  -Z, --skip-archive          disables scanning inside compressed files.
                              (default=off)
  -M, --skip-mail             disables scanning inside mail files (RFC 822).
                              (default=off)
  -R, --skip-subdir           skips files in subdirectories under TARGETS if
                              those are directories. (default=off)
      --follow-symlink        follows symbolic link when searching for files.
                              This option has no effect on Windows and DOS.
                              (default=off)

Scanning methods and operation:
  -s, --scanning=LEVEL        adjust scanning method level (possible
                              values="quick", "strict", "full"
                              default=`strict')
  -e, --heuristics=LEVEL      adjust heuristic examination level (possible
                              values="off", "normal", "high"
                              default=`normal')
  -a, --action=ACTION         action to be taken automatically on virus alert.
                              More than one action can be specified, and in
                              such cases, the first available action will be
                              taken. If this option is not specified at all,
                              user is asked on each alert. (possible
                              values="delete", "kill", "quarantine",
                              "rename", "skip")
      --remove-macro          automatically removes _all_ macros from `Office'
                              documents. (default=off)
      --thread=NUM            maximum number of scanning threads.
                              This option has no effect on DOS.
                              (default=`1')
      --timeout=NUM           number of seconds within a thread should finish
                              the scanning of one object. Consider to raise
                              this limit in case of huge archive files.
                              (default=`120')
      --timeout-abort         exits when the first thread is timed out.
                              (default=off)

Quarantine operations:
  The following actions accept zero or more arguments (`keys' or `key:FILE'
  pairs) specifying the operands for the desired operation. Multiple actions
  with arguments are permitted, and the keys can be obtained by `--list'.
  If no key is given at all, the selected action is performed on each file in
  the quarantine. Files can be filtered by `--status' in both cases.

      --status=STATUS         quarantine files with STATUS will be selected
                              only for the desired operation.
                              The default values are 'all', 'infected' and
                              `clean' for `--list', `--delete' and
                              '--restore', respectively. (possible
                              values="all", "clean", "infected",
                              "suspicious", "deleted")
  -l, --list[=key]            displays information about quarantined file(s)
                              in quarantine directory (`--quarantine') such
                              as 'key' and STATUS beside original location,
                              file size and last modification date.
      --delete[=key]          deletes quarantined file(s).
      --rescan[=key]          rescans quarantined file(s).
                              `--status' has no effect on this operation.
      --restore[=key[:FILE]]  restores quarantined file(s) to FILE or its
                              original location if FILE is omitted.
      --saveas=key:FILE       saves quarantined file(s) specified by key
                              (required!) to FILE(s).
  -w, --overwrite             allows for `--restore' and `--saveas' to
                              overwrite existing FILE(s). (default=off)

Working files and directories:
      --log[=FILE]            file where to save messages for further use.
                              (default=`vascan.log')
  -y, --quarantine=DIR        secure directory where to move infected files on
                              request; using absolute pathname is strongly
                              recommended!
  -t, --temp=DIR              directory where to extract scanned files.
  -d, --vdb=FILE              virus database file to indentify viruses.
                              (default=`vexira8.vdb')
root@wh-mrtgp1:/usr/lib/vascan#
Thanks!
Richard.
--
Richard Whittaker, CISSP
System Manager,
NorthwesTel Inc.
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/